Amendments to the Claims:
This listing of claims replaces all prior versions and listings of claims in the application: 

Listing of Claims:

1-66. (cancelled). 

67. (currently amended) A method, performed by a client, of leveraging a connection 
with an intermediary to access a secured service, the method comprising: 

establishing an authenticated connection between a client and an intermediary; 
receiving a user request for access to a secured service; 

submitting, by the client, a request, which is based on the user request for access to a 
secured service, to [[an]] the intermediary that is physically distinct of the secured service; 

receiving, from the intermediary, constrained authorization information that has been 
[[authenticated]] electronically negotiated by the secured service and the intermediary, [[responsive to
the client request]] the constrained authorization information being electronically negotiated in
response to the client request; and

submitting, by the client, the constrained authorization information to the secured service 
to establish a direct authenticated connection between the client and the secured service 
independent of the authenticated connection between the client and the intermediary. 

68. (previously presented) The method of claim 67 wherein establishing the 
authenticated connection between the client and the intermediary comprises: 

sending, by the client, keystone authentication information to the intermediary; and 
receiving, from the intermediary, verification of the keystone authentication information. 

69. (previously presented) The method of claim 68 wherein submitting the request to the
intermediary for access to the secured service prompts the intermediary to authenticate itself to 
the secured service without provision by the client of authentication information duplicative or 
additional to the keystone information. 

70. (previously presented) The method of claim 69 wherein the intermediary is 
authenticated to the secured service by provision, by the intermediary, of a leveraged 
authentication based on the keystone authentication. 

71. (previously presented) The method of claim 67 wherein the constrained 
authorization information has been issued by the secured service and sent by the secured service 
to the intermediary.

72. (currently amended) The method of claim 67 wherein the constrained authorization 
information has been provided by the intermediary and authenticated by the secured service. 

73. (currently amended) The method of claim 67 wherein the constrained authorization 
information comprises [[one or more of a constraint that the authorization information has been
used no more than a predetermined number of times,]] a constraint that the authorization
information be used within a predetermined time[[, and a constraint that the authorization
information be received from only the client]].



74. (previously presented) The method of claim 67 wherein the client comprises one or 
more of a web browser, an e-mail client, a synchronization client, an instant messaging client, a 
software productivity application, an operating system, and an operating system kernel. 

75. (previously presented) The method of claim 67 wherein the intermediary comprises
one or more of an instant messaging service, an e-mail service, a login service, an authentication 
service, an authorization service, a persistent connection service, and a broker service. 

76. (previously presented) The method of claim 67 wherein the secured service 
comprises one or more of an e-mail service, a synchronization service, a print service, a file 
access service, an instant messaging service, an operating system, an operating system kernel, an 
authentication service, an authorization service, and a persistent connection service. 

77. (previously presented) The method of claim 67 wherein the client request for access 
to the secured service comprises an explicit request for access by the client. 

78. (previously presented) The method of claim 67 wherein the client request for access 
to the secured service comprises a communication sent by the client to the intermediary via the 
secured service. 

79. (previously presented) The method of claim 67 wherein the secured service is 
available for direct authentication by a user without the user establishing an authenticated 
connection between the user and the intermediary. 

80. (previously presented) The method of claim 67 wherein the direct authenticated 
connection between the client and the secured service is established by leveraging a connection 
other than the authenticated connection between the client and the intermediary. 

81-95. (Canceled) 

96. (new) The method of claim 67 wherein receiving, from the intermediary, 
constrained authorization information that has been electronically negotiated by the secured 
service and the intermediary comprises receiving constrained authorization information
electronically negotiated by the secured service and the intermediary through an exchange of 
electronic messages between the secured service and the intermediary. 

97. (new) The method of claim 96 wherein receiving constrained authorization 
information electronically negotiated by the secured service and the intermediary through an 
exchange of electronic messages between the secured service and the intermediary comprises 
receiving constrained authorization information generated by the secured service and sent to the 
intermediary in an electronic message. 

98. (new) The method of claim 96 wherein receiving constrained authorization 
information electronically negotiated by the secured service and the intermediary through an 
exchange of electronic messages between the secured service and the intermediary comprises 
receiving constrained authorization information generated by the intermediary, sent to the 
secured service in an electronic message, and accepted by the secured service. 

99. (new) The method of claim 67 wherein receiving, from the intermediary, 
constrained authorization information that has been electronically negotiated by the secured 
service and the intermediary comprises receiving constrained authorization information stored by 
the secured service in electronic storage. 

100. (new) The method of claim 99 wherein submitting, by the client, the constrained 
authorization information to the secured service to establish a direct authenticated connection 
between the client and the secured service independent of the authenticated connection between 
the client and the intermediary comprises submitting, by the client, the constrained authorization 
information to the secured service to establish a direct authenticated connection between the 
client and the secured service by comparing the constrained authorization information submitted 
by the client with the constrained authorization information stored by the secured service in
electronic storage. 

101. (new) The method of claim 67 wherein receiving, from the intermediary, 
constrained authorization information that has been electronically negotiated by the secured 
service and the intermediary comprises receiving constrained authorization information and a 
target connection point. 

102. (new) The method of claim 101 wherein submitting, by the client, the constrained 
authorization information to the secured service to establish a direct authenticated connection 
between the client and the secured service independent of the authenticated connection between 
the client and the intermediary comprises submitting, by the client, the constrained authorization 
information to the secured service at the target connection point. 

103. (new) The method of claim 67 wherein the constrained authorization information 
comprises a constraint that the authorization information has been used no more than a 
predetermined number of times. 

104. (new) The method of claim 67 wherein the constrained authorization information 
comprises a constraint that the authorization information be received from only the client. 

105. (new) A method, performed by an intermediary, of leveraging a connection with a 
client to provide the client with access to a secured service, the method comprising: 

establishing an authenticated connection between a client and an intermediary; 

receiving, from the client, a request for access to a secured service that is physically 
distinct of the intermediary; 

electronically negotiating constrained authorization information with the secured service 
in response to receiving the client request; and 

submitting the constrained authorization information to the client to enable the client to
submit the constrained authorization information to the secured service to establish a direct 
authenticated connection between the client and the secured service independent of the 
authenticated connection between the client and the intermediary. 

106. (new) The method of claim 105 wherein establishing the authenticated connection 
between the client and the intermediary comprises: 

receiving, from the client, keystone authentication information at the intermediary; and 
sending, to the client, verification of the keystone authentication information. 

107. (new) The method of claim 106 wherein receiving, from the client, a request for 
access to a secured service prompts the intermediary to authenticate itself to the secured service 
without provision by the client of authentication information duplicative or additional to the 
keystone information. 

108. (new) The method of claim 107 wherein the intermediary is authenticated to the 
secured service by provision, by the intermediary, of a leveraged authentication based on the 
keystone authentication. 

109. (new) The method of claim 105 wherein the client comprises one or more of a web 
browser, an e-mail client, a synchronization client, an instant messaging client, a software 
productivity application, an operating system, and an operating system kernel. 

110. (new) The method of claim 105 wherein the intermediary comprises one or more of 
an instant messaging service, an e-mail service, a login service, an authentication service, an 
authorization service, a persistent connection service, and a broker service. 

111. (new) The method of claim 105 wherein the secured service comprises one or more
of an e-mail service, a synchronization service, a print service, a file access service, an instant 
messaging service, an operating system, an operating system kernel, an authentication service, an 
authorization service, and a persistent connection service. 

112. (new) The method of claim 105 wherein the client request for access to the secured
service comprises an explicit request for access by the client. 

113. (new) The method of claim 105 wherein the client request for access to the secured 
service comprises a communication sent by the client to the intermediary via the secured service. 

114. (new) The method of claim 105 wherein the secured service is available for direct 
authentication by a user without the user establishing an authenticated connection between the 
user and the intermediary. 

115. (new) The method of claim 105 wherein the direct authenticated connection 
between the client and the secured service is established by leveraging a connection other than 
the authenticated connection between the client and the intermediary. 

116. (new) The method of claim 105 wherein electronically negotiating constrained
authorization information with the secured service in response to receiving the client request 
comprises electronically negotiating constrained authorization information through an exchange 
of electronic messages between the secured service and the intermediary. 

117. (new) The method of claim 105 wherein electronically negotiating constrained 
authorization information through an exchange of electronic messages between the secured 
service and the intermediary comprises receiving constrained authorization information 
generated by the secured service in an electronic message. 

118. (new) The method of claim 105 wherein electronically negotiating constrained
authorization information through an exchange of electronic messages between the secured 
service and the intermediary comprises generating constrained authorization information, 
sending the constrained authorization information to the secured service in an electronic 
message, and receiving an electronic message from the secured service indicating that the 
secured service has accepted the constrained authorization information. 

119. (new) The method of claim 105 wherein electronically negotiating constrained 
authorization information with the secured service in response to receiving the client request 
comprises electronically negotiating constrained authorization information stored by the secured 
service in electronic storage. 

120. (new) The method of claim 119 wherein submitting the constrained authorization 
information to the client to enable the client to submit the constrained authorization information 
to the secured service to establish a direct authenticated connection between the client and the 
secured service independent of the authenticated connection between the client and the 
intermediary comprises submitting the constrained authorization information to the client to 
enable the client to submit the constrained authorization information to the secured service to 
establish a direct authenticated connection between the client and the secured service by 
comparing the constrained authorization information submitted by the client with the constrained 
authorization information stored by the secured service in electronic storage. 

121. (new) The method of claim 105 wherein: 

electronically negotiating constrained authorization information with the secured service 
in response to receiving the client request comprises electronically negotiating constrained 
authorization information and a target connection point, and 

submitting the constrained authorization information to the client to enable the client to
submit the constrained authorization information to the secured service to establish a direct 
authenticated connection between the client and the secured service independent of the 
authenticated connection between the client and the intermediary comprises submitting the 
constrained authorization information and the target connection point to the client. 

122. (new) The method of claim 121 wherein submitting the constrained authorization 
information to the client to enable the client to submit the constrained authorization information 
to the secured service to establish a direct authenticated connection between the client and the 
secured service independent of the authenticated connection between the client and the 
intermediary comprises submitting the constrained authorization information to the client to 
enable the client to submit the constrained authorization information to the secured service at the 
target connection point. 

123. (new) The method of claim 105 wherein the constrained authorization information 
comprises a constraint that the authorization information be used within a predetermined time. 

124. (new) The method of claim 105 wherein the constrained authorization information 
comprises a constraint that the authorization information has been used no more than a 
predetermined number of times. 

125. (new) The method of claim 105 wherein the constrained authorization information 
comprises a constraint that the authorization information be received from only the client. 

126. (new) A method, performed by a secured service, of allowing a client access based 
on an authenticated connection between the client and an intermediary, the method comprising: 



Applicant: Robert Bruce Hirsh
Serial No.: 09/894,919
Filed: June 29, 2001
Page: 11 of 18
Attorney's Docket No.: 06975-200001 / Security 13



receiving, at a secured service and from an intermediary that has established an 
authenticated connection with a client, notification of a request by the client to access the secured 
service; 

electronically negotiating constrained authorization information with the intermediary in 
response to receiving the notification; 

receiving, from the client, the constrained authorization information that has been 
submitted to the client by the intermediary, and 

establishing a direct authenticated connection with the client independent of the 
authenticated connection between the client and the intermediary based on the received 
constrained authorization information. 

127. (new) The method of claim 126 wherein the client comprises one or more of a web 
browser, an e-mail client, a synchronization client, an instant messaging client, a software 
productivity application, an operating system, and an operating system kernel. 

128. (new) The method of claim 126 wherein the intermediary comprises one or more of 
an instant messaging service, an e-mail service, a login service, an authentication service, an 
authorization service, a persistent connection service, and a broker service. 

129. (new) The method of claim 126 wherein the secured service comprises one or more 
of an e-mail service, a synchronization service, a print service, a file access service, an instant 
messaging service, an operating system, an operating system kernel, an authentication service, an 
authorization service, and a persistent connection service. 

130. (new) The method of claim 126 wherein the client request for access to the secured 
service comprises an explicit request for access by the client. 

131. (new) The method of claim 126 wherein the client request for access to the secured
service comprises a communication sent by the client to the intermediary via the secured service. 

132. (new) The method of claim 126 wherein the secured service is available for direct 
authentication by a user without the user establishing an authenticated connection between the 
user and the intermediary. 

133. (new) The method of claim 126 wherein the direct authenticated connection 
between the client and the secured service is established by leveraging a connection other than 
the authenticated connection between the client and the intermediary. 

134. (new) The method of claim 126 wherein electronically negotiating constrained 
authorization information with the intermediary in response to receiving the notification 
comprises electronically negotiating constrained authorization information through an exchange 
of electronic messages between the secured service and the intermediary. 

135. (new) The method of claim 134 wherein electronically negotiating constrained 
authorization information through an exchange of electronic messages between the secured 
service and the intermediary comprises generating constrained authorization information and 
sending the constrained authorization information to the intermediary in an electronic message. 

136. (new) The method of claim 134 wherein electronically negotiating constrained 
authorization information through an exchange of electronic messages between the secured 
service and the intermediary comprises receiving an electronic message from the intermediary
including constrained authorization information generated by the intermediary, accepting the 
constrained authorization information, and sending an electronic message to the intermediary 
indicating that the constrained authorization information has been accepted. 

137. (new) The method of claim 126 further comprising storing the electronically
negotiated constrained authorization information in electronic storage. 

138. (new) The method of claim 137 wherein establishing a direct authenticated 
connection with the client independent of the authenticated connection between the client and the 
intermediary based on the received constrained authorization information comprises establishing 
a direct authenticated connection with the client by comparing the received constrained 
authorization information with the stored constrained authorization information. 

139. (new) The method of claim 126 wherein electronically negotiating constrained 
authorization information with the intermediary in response to receiving the notification 
comprises electronically negotiating constrained authorization information and a target 
connection point. 

140. (new) The method of claim 139 wherein receiving, from the client, the constrained 
authorization information that has been submitted to the client by the intermediary comprises 
receiving, from the client, the constrained authorization information at the target connection 
point. 

141. (new) The method of claim 126 wherein the constrained authorization information 
comprises a constraint that the authorization information be used within a predetermined time. 

142. (new) The method of claim 126 wherein the constrained authorization information 
comprises a constraint that the authorization information has been used no more than a
predetermined number of times. 

143. (new) The method of claim 126 wherein the constrained authorization information 
comprises a constraint that the authorization information be received from only the client. 



